If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Enjoy an ad free experience by logging in. Not a member yet? Register.

Quiz Answer Help: Apostrophe Issue

I created a quiz to help me study for an exam I have coming up. It matches the answer with the correct answer to see if I got the answer right or not. This works for most of the questions, but if the answer has an ' in it it will display the answer as \' instead, and they will not match. I'm not sure why this is happening, though I think it's something pretty simple that I haven't noticed.

Is the \' coming from a string entered by the user on a form, or from the selection called on the database?
Also, do you have a formatted version of this? Its pretty hard to follow when there's no indentation :P

The \' Is coming from the radio button after it is chosen. It will display as &#039; in the question page, and when I call the database to check the answer it displays as &#039;. The question page displays fine, but when I click "calculate results" when it displays the results page it gets switched over to the \' so the check doesn't work as they are now different strings.

This is caused by an ini directive called magic_quotes_gpc. It was one of the worst ideas they ever came up with, and fortunately the functionality is now gone as of 5.4.0.
Still, until you program specifically for the 5.4+, you must take care to remove them. If the post is simple, you can cheat it by simply mapping the array instead of walking it (if you were making a larger system, I'd suggest walking all the globals instead).

I haven't gone through all of this, but there appears to be some issues with security for sure. If its just for yourself on a local network, I'd say don't worry too much about them; if its in a public domain, you'll definitely want to fix that. It can be cleaned up a bit as well and compacted on the queries and whatnots, but I'd suggest you're more interested in getting it to work for your culinary exams.

Users who have thanked AndrewGSW for this post:

Hmm well I've come to understand what you're telling me. Is it's basically just taking the backslash out when magic quotes are present? So basically I'd be comparing ' to &#039 which still wouldn't match. But now without the backslash I can use preg_replace to change ' to '. I still don't understand why this is an issue if I have PHP 5.2 with magic quotes off selected, shouldn't they be off then? Maybe something to take up with my host? Also why does POST change ' to '?

EDIT: I also tried switching to PHP 5.4 to fix the problem. It was still turning the &#039 to ', I figure this has something to do with post? Only thing I noticed with the change was it took away the backslash that occurred. As it caused errors in other pages I reverted back for now, but will upgrade as soon as I get a chance.

No you want to make sure you are comparing ' to '. When you take input from a form with magic_quotes_gpc enabled, this escapes the ' to become \'. You stripslash it so it removes the escape from the string. Since PHP isn't sensitive to using the addslashes (implicitly from the magic_quotes) and the mysql_real_escape_string, it would definitely corrupt the data when inserting to a database. Likewise, since you are not comparing using the SQL query itself, you need to make sure the state of the apostrophe is the same in both the input string and the retrieved string.

If you are seeing ' I'd suspect that is coming from your storage where htmlentities were used to convert it. Don't convert with htmlentities before storage; use it after selection instead. That said, assuming it is also the case the htmlentities can be used on the input string (using the ENT_QUOTES as the second parameter) to compare the two.